Network measurements are becoming crucial for the operation and security of the Internet and of several services built on it, including application-level multicast trees, content distribution and peer-to-peer (P2P) systems. Numerous tools for estimating various aspects of network performance have been proposed, among them, for instance, with regard to bandwidth measurements: SProbe (see for reference S. Saroiu, P. Gummadi and S. Gribble: “SProbe: A Fast Technique for Measuring Bottleneck Bandwidth in Uncooperative Environments”, in INFOCOM, 2002); with regard to latency: traceroute (see for reference ftp://ftp.ee.lbl.gov/traceroute.tar.gz) or ping (see for reference ftp://ftp.arl.mil/pub/ping.shar); or with regard to link quality: mtr (see for reference http://www.bitwizard.nl/mtr/).
Given the current trend toward designing a secure next-generation Internet, the design of existing measurement tools reveals two shortcomings of foresight in their design and deployment:
First, current network measurement tools were developed without prior security considerations, which makes them vulnerable to external and internal attacks ranging from IP spoofing to delay and rushing attacks. Since the measurements are performed end-to-end, the end-hosts may be unable to distinguish these attacks from “authentic” measurements: a manipulated sample looks like an ordinary one. These security vulnerabilities may in turn affect the operation of the applications that rely on these measurement tools (e.g., a P2P peer-selection algorithm fed a falsified bandwidth estimate), thus increasing the attacker's gain. Some of these problems are described in detail in M. A. Kaafar, L. Mathy, C. Barakat, K. Salamatian, T. Turletti, and W. Dabbous: “Securing Internet Coordinate Embedding Systems”, in Proceedings of ACM SIGCOMM, 2007, and in G. Karame, B. Danev, C. Bannwart, and S. Capkun: “On the Security of End-to-End Measurements based on Packet-Pair Dispersions”, in IEEE Transactions on Information Forensics & Security (TIFS), 2013.
Secondly, current network measurement tools rest on an implicit trust assumption: they assume that both end-hosts are honest and behave “correctly”. However, in many situations end-hosts have considerable incentives to cheat in order to increase their advantage in the network (e.g., free-riding). In this regard, see, e.g., A. Walters, D. Zage and C. Nita-Rotaru: “A Framework for Mitigating Attacks Against Measurement-Based Adaptation Mechanisms in Unstructured Multicast Overlay Networks”, in IEEE/ACM Transactions on Networking, 2007. Indeed, if an endpoint misbehaves and does not obey the measurement protocol, the estimated end-to-end metric will not reflect the authentic state of the network.
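The two points above (attacks on the measurement itself, and a dishonest endpoint) can be made concrete with a packet-pair bandwidth estimate of the kind SProbe and the Karame et al. paper are concerned with. The following is an added example written for this page; it is not code from any of the cited tools or papers. It assumes a toy fluid model in which two back-to-back packets leave the bottleneck link separated by one packet transmission time, and in which the measuring host learns the dispersion only from what the remote endpoint reports or from the spacing of the replies it returns, so the endpoint can stretch the gap (delay attack, by holding back the second reply) or compress it (rushing-style attack, by holding back the first reply instead). The function names, the 1500-byte packet size and the 10 Mbit/s bottleneck are illustrative choices.

```python
# Added example: toy packet-pair estimator and endpoint manipulations of it.
# Not taken from SProbe or from the cited papers; values are illustrative.
PACKET_BYTES = 1500
PACKET_BITS = PACKET_BYTES * 8
US_PER_S = 1_000_000


def simulate_pair(bottleneck_bps, one_way_latency_us, queue_delay_us=0):
    """Arrival times (microseconds) of a back-to-back pair at the receiver.

    After the bottleneck link the packets are spaced by one packet
    transmission time on that link. queue_delay_us models benign cross
    traffic that happens to delay only the second packet.
    """
    dispersion_us = PACKET_BITS * US_PER_S // bottleneck_bps
    return (one_way_latency_us, one_way_latency_us + dispersion_us + queue_delay_us)


def estimate_bandwidth_bps(report):
    """Packet-pair estimate: bottleneck bandwidth = packet size / dispersion.

    The sender sees only the timestamps the endpoint reports (or the gap
    between its replies), never the true arrival times.
    """
    t1, t2 = report
    dispersion_us = t2 - t1
    if dispersion_us <= 0:
        raise ValueError("non-positive dispersion in report")
    return PACKET_BITS * US_PER_S // dispersion_us


def honest_report(arrivals):
    """An honest endpoint reports exactly what it observed."""
    return arrivals


def delay_attack(arrivals, extra_us):
    """Hold back the second reply: dispersion grows, bandwidth is underestimated
    (useful to a free-rider that wants to look like a poor upload peer)."""
    t1, t2 = arrivals
    return (t1, t2 + extra_us)


def rushing_attack(arrivals, shrink_us):
    """Hold back the first reply instead so the two replies leave almost
    together: dispersion shrinks, bandwidth is overestimated (useful to a
    peer that wants to be selected as a supplier). Each reply still leaves
    after its packet arrived, so the report remains causally plausible."""
    t1, t2 = arrivals
    return (min(t1 + shrink_us, t2 - 1), t2)


def run_scenarios(bottleneck_bps=10_000_000, latency_us=20_000):
    """Bandwidth the measuring host would infer under each scenario (bit/s)."""
    arrivals = simulate_pair(bottleneck_bps, latency_us)
    honest_disp = arrivals[1] - arrivals[0]
    cross_traffic = simulate_pair(bottleneck_bps, latency_us, honest_disp)
    return {
        "honest": estimate_bandwidth_bps(honest_report(arrivals)),
        # Attacker doubles the dispersion: the estimate halves.
        "delay_attack": estimate_bandwidth_bps(delay_attack(arrivals, honest_disp)),
        # Attacker halves the dispersion: the estimate doubles.
        "rushing_attack": estimate_bandwidth_bps(rushing_attack(arrivals, honest_disp // 2)),
        # Benign queueing that delays the second packet by the same amount as
        # the delay attack produces the identical sample.
        "cross_traffic": estimate_bandwidth_bps(honest_report(cross_traffic)),
    }


def indistinguishable(results):
    """True when the delay attack and the benign cross-traffic sample coincide,
    i.e. when the measuring host cannot tell them apart from the sample alone."""
    return results["delay_attack"] == results["cross_traffic"]


if __name__ == "__main__":
    results = run_scenarios()
    for name, bps in results.items():
        print(f"{name:15s} {bps / 1e6:6.1f} Mbit/s")
    print("delay attack indistinguishable from cross traffic:", indistinguishable(results))
```

With the defaults the honest estimate is 10 Mbit/s, the delay attack yields 5 Mbit/s, the rushing-style attack 20 Mbit/s, and the benign cross-traffic sample also yields 5 Mbit/s, which is the point of the first shortcoming above: nothing in the end-to-end sample itself tells the measuring host whether the stretched dispersion came from the network or from the endpoint.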
Until recently, the end-to-end principle (for reference, see J. H. Saltzer, D. P. Reed and D. D. Clark: “End-to-End Arguments in System Design”, in ACM Transactions on Computer Systems, 1984) has provided a justifiable rationale for moving functions closer to the end-hosts and has shaped the way the current Internet is designed. The end-to-end argument implicitly presupposed a global architecture comprising a “naive” network and “smart” applications that require no functionality from the switching elements deployed within the network. Given this, the design of network measurement tools likewise adopted the end-to-end principle.